[linux-usb-devel] PATCH: (as164) Ignore garbage at the end of the config information

Tue, 30 Dec 2003 12:53:41 -0800 

On Mon, 29 Dec 2003, Greg KH wrote:

> On Sun, Dec 28, 2003 at 03:14:17PM -0500, Alan Stern wrote:
> > 
> > Apparently some devices put extra garbage at the end of their
> > configuration information.  For the particular device considered here,
> > there's a device descriptor followed by an illegal length-1 descriptor.  
> > (Note that configuration information should never include a device
> > descriptor -- or a configuration descriptor anywhere but at the start, for
> > that matter.)
> > 
> > If we encounter this sort of thing, should we reject the entire device?  
> 
> As much as I would like to, we really shouldn't.
> 
> > Or should we simply stop parsing the configuration information at that 
> > point?
> 
> I think we should do this, along with a nice error message in the syslog
> saying what we just did.

Here it is.  This patch applies on top of as121b (it won't apply to a 
vanilla 2.6.0 kernel).  When a descriptor of invalid length or type is 
encountered, it ignores the remainder of the configuration information.  
This should be safe; if we miss anything important it will be detected 
later on.

Alan Stern


--- 2.6/drivers/usb/core/config.c.orig  Tue Dec 30 14:29:22 2003
+++ 2.6/drivers/usb/core/config.c       Tue Dec 30 14:29:46 2003
@@ -241,7 +241,7 @@
                header = (struct usb_descriptor_header *) buffer2;
                if ((header->bLength > size2) || (header->bLength < 2)) {
                        warn("invalid descriptor of length %d", header->bLength);
-                       return -EINVAL;
+                       goto ignore;
                }
 
                if (header->bDescriptorType == USB_DT_INTERFACE) {
@@ -279,7 +279,10 @@
                } else if ((header->bDescriptorType == USB_DT_DEVICE ||
                    header->bDescriptorType == USB_DT_CONFIG) && buffer2 > buffer) {
                        warn("unexpected descriptor type 0x%X", 
header->bDescriptorType);
-                       return -EINVAL;
+ignore:
+                       warn("ignoring rest of the configuration information");
+                       size = buffer2 - buffer;
+                       break;
                }
 
                buffer2 += header->bLength;




-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
[EMAIL PROTECTED]
To unsubscribe, use the last form field at:
https://lists.sourceforge.net/lists/listinfo/linux-usb-devel

Reply via email to